Checkpoint Quantum Security Gateway
VulnCheck Initial Access Intelligence improves Checkpoint Quantum Security Gateway deployments by providing real-time IP Address data via our Tags API.
Customers of Checkpoint Quantum Security Gateway who purchase a VulnCheck Initial Access Intelligence license are able to leverage Checkpoint's Dynamic Block List (DBL) functionality to block attacker Command & Control (C2) infrastructure detected by VulnCheck.
Working with Dynamic Block Lists in Checkpoint Quantum Security Gateway
Checkpoint Quantum Security Gateway provides an easy to use Custom Intelligence Feeds feature, which may be used with third-party intelligence providers like VulnCheck.
For more information on these features from Checkpoint see: What is the "Custom Intelligence Feeds" feature?
Block VulnCheck C2 Detections with Checkpoint Quantum Security Gateway
The Custom Intelligence Feeds from Checkpoint feature supports different kinds of CSV structure files (including newline separated files).
As an example, to block C2 detections from VulnCheck, simply run:
ioc_feeds add --feed_name ip_list --transport http --resource "https://api.vulncheck.com/v3/tags/vulncheck-c2?token=INSERT_VULNCHECK_TOKEN" --format [value:1,type:ip]
